Can/should OpenIdConnectCachingSecurityTokenProvider be fault tolerant #18

phatcher opened this issue Sep 4, 2017 · 0 comments
phatcher commented Sep 4, 2017

Copied from AzureADQuickStarts/B2C-WebApp-WebAPI-OpenIDConnect-DotNet#9 (comment) as @parakhj says the old sample will be deprecated...

The issue I had today was that my API couldn't connect to Azure B2C during startup, which caused a yellow screen in the API.

[WebException: The remote server returned an error: (500) Internal Server Error.]
   System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) +606
   System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result) +19
   System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result) +91
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__4.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\GenericDocumentRetriever.cs:42

[IOException: Unable to get document from: https://login.microsoftonline.com/contoso.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_StandardSignup]
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__4.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\GenericDocumentRetriever.cs:48
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.IdentityModel.Protocols.<GetAsync>d__0.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\OpenIdConnectConfigurationRetriever.cs:81
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +25
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\ConfigurationManager.cs:198

Given that we are making an RPC call which can fail, does it make sense for the policy acquisition not to fail/throw, so that the API doesn't crash at startup; it just can't authenticate using OAuth. When the service comes back, it will then pick up the policies, something like...

```csharp
private void RetrieveMetadata()
{
    _synclock.EnterWriteLock();
    try
    {
        // Fetch the OpenID Connect metadata document; this is the RPC call that can fail.
        OpenIdConnectConfiguration config = Task.Run(_configManager.GetConfigurationAsync).Result;
        _issuer = config.Issuer;
        _tokens = config.SigningTokens;
    }
    catch (AggregateException ex)
    {
        // Task.Result wraps the real failure (e.g. the WebException/IOException above); unwrap and log it.
        Exception cause = ex.Flatten().InnerException ?? ex;
        Trace.TraceError("Failed to retrieve OpenID Connect metadata: {0}", cause);
    }
    catch (Exception ex)
    {
        // Log the failure but do not rethrow, so startup is not aborted.
        Trace.TraceError("Failed to retrieve OpenID Connect metadata: {0}", ex);
    }
    finally
    {
        _synclock.ExitWriteLock();
    }
}
```

What I then get, if the front-end can talk to B2C, are `DX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier ...` errors, as the issuer/token are null in the API.

What I don't know is whether this is appropriate, i.e. JwtFormat keeps calling the IIssuerSecurityTokenProvider, or whether I'm abusing the interface.
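One way to carry the idea in the post through to a complete provider, as an added example that is not the sample's or the issue author's code: the constructor tries the metadata fetch once but swallows the failure, every `Issuer`/`SecurityTokens` read retries only after a backoff window so an outage does not turn each incoming request into a metadata round trip, and while no metadata has ever been fetched the provider returns a null issuer and no keys, so JwtFormat rejects every token (fail closed) rather than accepting unsigned ones. It assumes the Katana/Wilson 4.x types the issue names: `IConfigurationManager<OpenIdConnectConfiguration>` from Microsoft.IdentityModel.Protocols (whose `GetConfigurationAsync` caches internally and returns the last good document if a later refresh fails) and `IIssuerSecurityTokenProvider` from Microsoft.Owin.Security.Jwt; the logging delegate and the class name are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security.Jwt;

// Added example (not the sample's code). Assumes IConfigurationManager<OpenIdConnectConfiguration>
// and IIssuerSecurityTokenProvider as shipped with Katana/Wilson 4.x; the log delegate is hypothetical.
public sealed class FaultTolerantSecurityTokenProvider : IIssuerSecurityTokenProvider
{
    private readonly IConfigurationManager<OpenIdConnectConfiguration> _configManager;
    private readonly Action<string, Exception> _log;
    private readonly TimeSpan _retryBackoff;
    private readonly ReaderWriterLockSlim _syncLock = new ReaderWriterLockSlim();

    // Last-known-good metadata. Stays empty until the first successful fetch.
    private string _issuer;
    private IEnumerable<SecurityToken> _tokens = new SecurityToken[0];
    private DateTimeOffset _nextAttemptUtc = DateTimeOffset.MinValue;

    public FaultTolerantSecurityTokenProvider(
        IConfigurationManager<OpenIdConnectConfiguration> configManager,
        Action<string, Exception> log,
        TimeSpan retryBackoff)
    {
        _configManager = configManager;
        _log = log;
        _retryBackoff = retryBackoff;
        // Try once at startup, but never let a metadata outage crash the host.
        RetrieveMetadata();
    }

    // Null until metadata has been fetched; JwtFormat then rejects every token,
    // which is the safe failure mode (fail closed, never open).
    public string Issuer
    {
        get { RefreshIfDue(); return ReadLocked(() => _issuer); }
    }

    public IEnumerable<SecurityToken> SecurityTokens
    {
        get { RefreshIfDue(); return ReadLocked(() => _tokens); }
    }

    // Once we have metadata, always ask the configuration manager (it caches and handles
    // key rollover itself). While we have none, retry only after the backoff has elapsed.
    private void RefreshIfDue()
    {
        bool due = ReadLocked(() => _issuer != null || DateTimeOffset.UtcNow >= _nextAttemptUtc);
        if (due)
        {
            RetrieveMetadata();
        }
    }

    private void RetrieveMetadata()
    {
        _syncLock.EnterWriteLock();
        try
        {
            OpenIdConnectConfiguration config =
                Task.Run(() => _configManager.GetConfigurationAsync(CancellationToken.None)).Result;
            _issuer = config.Issuer;
            _tokens = config.SigningTokens;
            _nextAttemptUtc = DateTimeOffset.MinValue;
        }
        catch (AggregateException ex)
        {
            // Task.Result wraps the real failure (here the 500 from the metadata endpoint).
            ScheduleRetry(ex.Flatten().InnerException ?? ex);
        }
        catch (Exception ex)
        {
            ScheduleRetry(ex);
        }
        finally
        {
            _syncLock.ExitWriteLock();
        }
    }

    // Called under the write lock: keep whatever metadata we already hold, move only the retry time.
    private void ScheduleRetry(Exception cause)
    {
        _nextAttemptUtc = DateTimeOffset.UtcNow + _retryBackoff;
        _log("OpenID Connect metadata retrieval failed; next attempt at "
             + _nextAttemptUtc.ToString("o"), cause);
    }

    private T ReadLocked<T>(Func<T> read)
    {
        _syncLock.EnterReadLock();
        try { return read(); }
        finally { _syncLock.ExitReadLock(); }
    }
}
```

The backoff is what distinguishes this from simply swallowing the exception: without it, a B2C outage makes every request that reaches JwtFormat block on a failing HTTP call, and the log fills with one stack trace per request. Keeping the last-known-good issuer and keys across a failed refresh is also what lets tokens keep validating during a short outage once the API has started successfully; what it must never do is return a placeholder issuer or an empty-but-trusted key set.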


2 participants